NetWare FTP Server Administration Guide


About This Guide 


This guide describes how to configure and use NetWare FTP Server. The guide is intended for end
users and network administrators and is divided into the following sections:


* Chapter 1, “Overview,” on page 5
* Chapter 2, “Configuring NetWare FTP Server,” on page 9
* Chapter 3, “Managing and Administering,” on page 21
* Chapter 4, “Configuring with Cluster Services,” on page 35
* Chapter 5, “NetWare FTP Server FAQs,” on page 41
* Appendix A, “NetWare FTP Server Messages,” on page 45


Documentation Conventions 


In this documentation, a greater-than symbol (>) is used to separate actions within a step and items 
in a cross-reference path. 


Also, a trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a
third-party trademark.
Overview


NetWare® FTP Server software provides FTP service for transferring files to and from NetWare
volumes. You can perform file transfers from any FTP client by using the NetWare FTP Server to
log in to a Novell® eDirectory™ tree.


After logging in, you can navigate to other NetWare servers in the same eDirectory tree even if
they are not running FTP service. NetWare FTP Server is based on the standard ARPANET File
Transfer Protocol that runs over TCP/IP and conforms to RFC 959.


This chapter discusses the following topics:


* What’s New
* Features of the NetWare FTP Server


What’s New


The NetWare FTP Server has better performance compared to the previous release. 


The following configurable parameters have been included in the configuration file
etc\ftpserv.cfg:


* The DATA_BUFF_SIZE parameter enhances the data transfer performance.

* The DEFAULT_FTP_CONTEXT parameter specifies the default context in which the users
will be searched.

* The KEEPALIVE_TIME parameter specifies the timeout (in minutes) after which a
connection that might be broken on one side is closed.

* The PSEUDO_PERMISSIONS parameters, which include PSEUDO_FILE_PERMISSIONS and
PSEUDO_DIR_PERMISSIONS, specify whether the FTP server should send UNIX-type
permissions or trustee rights for display in the FTP client.


The FTP Server is now capable of establishing secure connections with secure FTP clients. After
successful negotiation of the SSL mechanism, all the commands and replies are encrypted.


For details, see “Security Extensions” on page 24. 


By default, the changes made to the FTP Server configuration file now take effect 
dynamically. If required, you can disable the dynamic configuration. 


For more details, see “Dynamic Configuration Updates” on page 21. 


When specifying a configuration file different from the default configuration file located at 
sys:etc\ftpserv.cfg, you can now specify the complete path of the file. 


You can now administer FTP Server using the web based administration utility provided by 
NPS Gadgets. 


For details, refer to “Configuring Using NPS Gadgets” on page 17. 
Error handling is improved compared to the previous release.


Invalid configuration parameter values are updated appropriately when dynamic updates are
enabled, and new configuration-related information and error messages are logged in the log
files.


NetWare FTP Server is highly scalable. It has been tested with 300 clients simultaneously for 
basic file transfer operations. 


Creating several anonymous user accounts with separate rights and contexts is now supported. 


NetWare FTP Server can now be used by UNIX clients. 


Features of the NetWare FTP Server 


The main features of NetWare FTP Server software include the following: 


Multiple instances of NetWare FTP Server software 


Multiple instances of NetWare FTP Server software can be loaded on the same NetWare 
server, providing different FTP services to different sets of users. 


See “Initializing Multiple Instances of the NetWare FTP Server” on page 28. 

FTP access restrictions 

FTP access can be restricted at various levels through various types of access rights. 
See “Specifying Access Restrictions” on page 29. 

Intruder detection 


An intruder host or user who tries to log in using an invalid password can be detected and 
restricted. 


See “Managing Intruder Detection” on page 29. 
Remote server access 


FTP users can navigate and access files from other NetWare eDirectory servers in the same 
eDirectory tree and from remote IBM* servers, whether or not the remote servers are running 
NetWare FTP Server software. 


See “Accessing a Remote Server” on page 25 and Table 6, “Login Parameters,” on page 12. 
Anonymous user access 

An Anonymous user account can be set up to provide users with basic access to public files. 
See “Creating Anonymous User Access” on page 32. 

Special Quote Site commands 


These NetWare-specific commands can be used to change or view some of the NetWare 
server-specific parameters. 


See “Site Commands” on page 26. 
Firewall support 


When the FTP client is behind a firewall and the NetWare FTP Server cannot connect to the 
FTP client, NetWare FTP Server software supports passive mode data transfer and the 
configuration of a range of passive data ports. 


See Table 8, “Firewall Support Parameters,” on page 14. 
Active Sessions display


Details of all the active FTP instances at a particular time such as a list of all instances, details 
of each instance, all sessions in an instance, and all details of each session can be viewed. 


See “Viewing Active Sessions” on page 34. 
Name space support 


NetWare FTP Server software can operate in both DOS and long name spaces. The FTP user 
can dynamically change the default name space by using one of the Quote Site commands. 


See “Site Commands” on page 26. 
Simple Network Management Protocol error reporting service 


Simple Network Management Protocol (SNMP) traps are issued when an FTP login request 
comes from an intruder host or from a node address restricted through Novell eDirectory. The 
traps can be viewed on the management console. 


FTP logs 


The FTP service maintains a log of various activities: FTP sessions, unsuccessful login 
attempts, active sessions details, and system error and NetWare FTP Server-related messages. 


See “FTP Log Files” on page 32.
Welcome banner and message file support 


NetWare FTP Server software displays a welcome banner when an FTP client establishes a 
connection as well as a message file when a user changes the directory in which the file exists. 


See Table 9, “Welcome Banner and Message Files Parameters,” on page 14. 

MP Enabled 

The NetWare FTP Server is MP enabled. 

Web-based Administration 

You can configure the NetWare FTP Server using the NPS Gadgets management utility. 
See “Configuring Using NPS Gadgets” on page 17. 
Configuring NetWare FTP Server


Before starting the NetWare® FTP Server software, you need to configure it by setting the 
configuration parameters in the configuration file. 


This chapter discusses the following sections: 
* “Configuring Using Files” on page 9. 
* “Configuring Using NPS Gadgets” on page 17. 


Configuring Using Files 


The default configuration file is sys:/etc/ftpserv.cfg. After installation, this configuration file has all
the parameters, commented with their default values.


Guidelines for Modifying Configuration File


* Use the 8.3 file naming format for the configuration, restriction, welcome banner, message,
and log files. Long names for these files are not supported.


* If you enter a non-integer value for parameters where integer values are required, then the
FTP Server sets the value to 0 or the default value.


The following tables describe the parameters in the configuration file along with the default values 
and the range. 


* Table 1, “Multiple Instances Parameters,” on page 10
* Table 2, “FTP Session Parameters,” on page 10
* Table 3, “Data Transfer Parameter,” on page 11
* Table 4, “Anonymous User Access Parameters,” on page 11
* Table 5, “Access Restrictions Parameters,” on page 12
* Table 6, “Login Parameters,” on page 12
* Table 7, “Intruder Detection Parameters,” on page 13
* Table 8, “Firewall Support Parameters,” on page 14
* Table 9, “Welcome Banner and Message Files Parameters,” on page 14
* Table 10, “FTP Logs Parameters,” on page 15
Table 1 Multiple Instances Parameters

Parameter: HOST_IP_ADDR
Default Value: IP address of the host
Description: The IP address of the host that the NetWare FTP Server software is being loaded on.
Range = 0.0.0.0 to 255.255.255.254.

Parameter: FTP_PORT
Default Value: 21 (Standard FTP port)
Description: The port number that the NetWare FTP Server should bind to and listen for connection requests from.
Range = 0 to 65535.
If the port number value is not within the specified range, then the FTP Server takes the default value.


Table 2 FTP Session Parameters

Parameter: MAX_FTP_SESSIONS
Default Value: 30
Description: Maximum number of FTP sessions that can be active at any point of time. Minimum value is 1.
The maximum value can be 2^31 (2147483648).
If this value is set to less than 0, then the FTP Server takes the default value.

Parameter: IDLE_SESSION_TIMEOUT
Default Value: 600 (seconds)
Description: The time (in seconds) that any session can remain idle.
The maximum value is 2^32 (4294967296) seconds.
The session never times out if the value is set as negative. For example, -1.


Table 3 Data Transfer Parameter

Parameter: DATA_BUFF_SIZE
Default Value: 32 KB
Description: Specifies the buffer size in kilobytes for the file transfer. It is applicable to both record and file structures.
This parameter applies to the commands put, ls, get, and dir.
Enter the value in the following format:
DATA_BUFF_SIZE = 32
Range = 4 to 1020 KB.
The value can be set based on system memory available.
If the value is less than 4, then the FTP Server takes the value as 4 KB.
If the value is greater than 1020, then the FTP Server takes 1020 KB.


Table 4 Anonymous User Access Parameters

Parameter: ANONYMOUS_ACCESS
Default Value: No
Description: Specifies whether anonymous user access is allowed.
Valid values are Yes and No.

Parameter: ANONYMOUS_HOME
Default Value: sys:/public
Description: The home directory of the anonymous user.
The path format is
volumename:[/directory_name/...]
This path can contain up to 512 bytes.
If colon (:) does not exist in the anonymous home directory, then the FTP Server takes default (sys:/public) to be the anonymous user home directory.

Parameter: ANONYMOUS_PASSWORD_REQUIRED
Default Value: Yes
Description: Specifies whether to ask for an E-mail ID as the password for anonymous user to log in.
Valid values are Yes and No.
Table 5 Access Restrictions Parameters

Parameter: RESTRICT_FILE
Default Value: sys:/etc/ftprest.txt
Description: NetWare FTP Server can define access restrictions to various levels of users, hosts, etc. These restrictions are defined in a file, which can be specified here.
The path with the filename can contain up to 512 bytes.


Table 6 Login Parameters

Parameter: DEFAULT_USER_HOME_SERVER
Default Value: Server where FTP is running
Description: The name of the server that the default home directory is on.
The path can contain up to 97 bytes.

Parameter: DEFAULT_USER_HOME
Default Value: sys:/public
Description: The default home directory of the user.
The path with the filename can contain up to 512 bytes.

Parameter: IGNORE_REMOTE_HOME
Default Value: No
Description: Specifies whether to ignore the home directory set in the Novell eDirectory user object, if it is on a remote server, and go to the default directory.
Valid values are Yes and No.

Parameter: IGNORE_HOME_DIR
Default Value: No
Description: Specifies whether to ignore the home directory set in the eDirectory user object and go to the default directory.
Valid values are Yes and No.

Parameter: SEARCH_LIST
Description: A list of fully distinguished names of containers (contexts) in which FTP users are to be looked for (without any spaces), separated by commas. The length of this string including the commas should not exceed 2048 bytes.
Each context specified by a fully distinguished name must begin with a leading dot (.).
You can specify a maximum of 25 containers.

Parameter: DEFAULT_FTP_CONTEXT
Description: Specifies the default context in which the users will be searched. Specify this as fully distinguished name (FDN).
If you do not set the default FTP context, or if the specified context is invalid, then the bindery context of the server, if available, is set as default FTP context, otherwise the context of the server object is used.


Parameter: KEEPALIVE_TIME
Default Value: 10
Description: Specifies the timeout time (in minutes) to close the connection which might be broken on one side.
Range = 5 to 120 minutes.
If the value is less than 0, then the FTP Server takes the value as 0.
If the value is greater than 120 or between 1 to 4 (both inclusive) then the FTP Server takes 120 minutes.
A value less than or equal to 0 minutes is taken as 0, which means no keep alive check is done. A value between 1 and 5 (both inclusive) or greater than 120 minutes is taken as 120 minutes.
Vary the time based on FTP service usage. Typically, 10 minutes is adequate.
However, for frequently broken connections (as is common with dial-up connections), decrease the timeout to clear broken connections faster.
Some FTP clients might process keep alive packets incorrectly. In such a scenario increase or disable the timeout to allow longer sessions without a keep alive check.


Table 7 Intruder Detection Parameters

Parameter: DEFAULT_NAMESPACE
Default Value: Long
Description: The default name space.
The valid values are DOS and LONG.

Parameter: INTRUDER_HOST_ATTEMPTS
Default Value: 20
Description: The number of unsuccessful log in attempts for intruder host detection.
The maximum value is 2^32 (4294967296) attempts.

Parameter: INTRUDER_USER_ATTEMPTS
Default Value: 5
Description: The number of unsuccessful log in attempts for intruder user detection.
The maximum value is 2^32 (4294967296) attempts.

Parameter: HOST_RESET_TIME
Default Value: 5
Description: Time interval in minutes during which the intruder host is not allowed to log in.
The maximum value is 2^32 (4294967296) minutes.

Parameter: USER_RESET_TIME
Default Value: 10
Description: Time interval in minutes during which the intruder user is not allowed to log in.
The maximum value is 2^32 (4294967296) minutes.


Table 8 Firewall Support Parameters

Parameter: PASSIVE_PORT_MIN
Default Value: 1
Description: Minimum port number used for establishing passive data connection.
Range = 1 to 65534.
If this value is not within the range, then the FTP Server takes the default value.
If this value is greater than the value specified for the maximum port number, then the FTP Server takes the default values of both parameters.

Parameter: PASSIVE_PORT_MAX
Default Value: 65534
Description: Maximum port number used for establishing passive data connection.
Range = 1 to 65534.
If this value is not within the range, then the FTP Server takes the default value.


Table 9 Welcome Banner and Message Files Parameters

Parameter: WELCOME_BANNER
Default Value: sys:/etc/welcome.txt
Description: The content of this file displays when the FTP client establishes a connection.
The path with the filename can contain up to 256 characters.


Parameter: MESSAGE_FILE
Default Value: message.txt
Description: The content of this file displays when the user changes the directory. For this, the file with that name must exist in the directory.
The path with the filename can contain up to 256 characters.


Table 10 FTP Logs Parameters

Parameter: FTP_LOG_DIR
Default Value: sys:/etc
Description: The directory where log files are stored.
This path could contain up to 256 characters.

Parameter: NUM_LOG_MSG
Default Value: 32000
Description: Maximum number of messages logged in each log file.
The value can be a maximum of 2^31 messages. However, the maximum messages allowed is based on the disk space available.

Parameter: LOG_LEVEL
Description: Indicates the level of messages logged. These are:
1 = ERROR
2 = WARNING
4 = INFORMATION
The following combinations can be given.
3 = ERROR, WARNING
5 = ERROR, INFORMATION
6 = INFORMATION, WARNING
7 = ERROR, WARNING, and INFORMATION

Parameter: FTPD_LOG
Default Value: FTPD
Description: FTPD.LOG file is created automatically. This file contains all the internal system related information that NetWare FTP Server encounters.
The path with the filename could contain up to 256 characters.
Parameter: AUDIT_LOG
Default Value: FTPAUDIT
Description: FTPAUDIT.LOG file is created automatically. This file contains details of user login activities.
The path with the filename could contain up to 256 characters.

Parameter: INTRUDER_LOG
Default Value: FTPINTR
Description: FTPINTR.LOG file is created automatically. This file contains details of unsuccessful login attempts.
The path with the filename could contain up to 256 characters.

Parameter: STAT_LOG
Default Value: FTPSTAT
Description: FTPSTAT.LOG file is created automatically. This file contains details of all active sessions.
The path with the filename could contain up to 256 characters.


Table 11 Pseudo Permission Parameters

Parameter: PSEUDO_PERMISSIONS
Default Value: OFF
Description: Specifies whether the FTP server should send UNIX-type permissions or trustee rights for display in the FTP client.
When set to OFF (default), the FTP server sends the trustee rights to the FTP client. When set to ON, the FTP sends UNIX-type permissions to the FTP client.
When this parameter flag is ON, the values for PSEUDO_FILE_PERMISSIONS and PSEUDO_DIR_PERMISSIONS are checked for length and validity.
If their length exceeds 3 or any of the digits exceed 7, then the FTP Server takes the default values of these parameters.


Parameter: PSEUDO_FILE_PERMISSIONS
Default Value: 644
Description: Specifies the pseudo permissions displayed for files in the FTP client. This does not impact the actual trustee rights available for the files in any way.
This parameter is considered only when the PSEUDO_PERMISSIONS parameter is set to ON, otherwise this is ignored. The value must be a three digit octal value.
Maximum value = 777.

Parameter: PSEUDO_DIR_PERMISSIONS
Default Value: 755
Description: Specifies the pseudo permissions displayed for directories in the FTP client. This does not impact the actual trustee rights available for the directories in any way.
This parameter is considered only when the PSEUDO_PERMISSIONS parameter is set to ON, otherwise this is ignored. The value must be a three digit octal value.
Maximum value = 777.
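The tables above say that out-of-range values are replaced silently, so the setting an administrator typed is not always the setting the server runs with. The following added example (not Novell code) applies those fallback rules to a constructed ftpserv.cfg and reports every value the server would replace. Assumptions: `#` starts a comment, a non-integer value falls back to the default, and a KEEPALIVE_TIME of 5 is treated as valid per the stated range.

```python
"""Effective-value check for ftpserv.cfg, using the fallback rules from the tables above."""

DEFAULTS = {
    "FTP_PORT": 21, "DATA_BUFF_SIZE": 32, "KEEPALIVE_TIME": 10,
    "PASSIVE_PORT_MIN": 1, "PASSIVE_PORT_MAX": 65534,
    "ANONYMOUS_HOME": "sys:/public", "PSEUDO_PERMISSIONS": "OFF",
    "PSEUDO_FILE_PERMISSIONS": "644", "PSEUDO_DIR_PERMISSIONS": "755",
}

# Constructed sample for this example, not taken from a real server.
SAMPLE_CFG = """\
# assumption: '#' starts a comment
FTP_PORT = 70000
DATA_BUFF_SIZE = 2048
KEEPALIVE_TIME = 3
PASSIVE_PORT_MIN = 50100
PASSIVE_PORT_MAX = 50000
ANONYMOUS_HOME = public/ftp
PSEUDO_PERMISSIONS = ON
PSEUDO_FILE_PERMISSIONS = 648
PSEUDO_DIR_PERMISSIONS = 750
"""

def parse_cfg(text):
    """Parse 'NAME = value' lines (the format shown for DATA_BUFF_SIZE)."""
    raw = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            raw[name.strip().upper()] = value.strip()
    return raw

def to_int(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None

def effective(raw):
    """Return (effective settings, fallback notes) for parsed settings."""
    eff, notes = dict(DEFAULTS), []

    def fallback(name, value, why):
        eff[name] = value
        notes.append(f"{name} = {raw[name]!r} {why}; server uses {value}")

    if "FTP_PORT" in raw:
        port = to_int(raw["FTP_PORT"])
        if port is not None and 0 <= port <= 65535:
            eff["FTP_PORT"] = port
        else:
            fallback("FTP_PORT", 21, "is not a port in 0-65535")
    if "DATA_BUFF_SIZE" in raw:
        size = to_int(raw["DATA_BUFF_SIZE"])
        if size is None:
            fallback("DATA_BUFF_SIZE", 32, "is not an integer")  # assumption
        elif size < 4:
            fallback("DATA_BUFF_SIZE", 4, "is below 4 KB")
        elif size > 1020:
            fallback("DATA_BUFF_SIZE", 1020, "is above 1020 KB")
        else:
            eff["DATA_BUFF_SIZE"] = size
    if "KEEPALIVE_TIME" in raw:
        mins = to_int(raw["KEEPALIVE_TIME"])
        if mins is None:
            fallback("KEEPALIVE_TIME", 10, "is not an integer")  # assumption
        elif mins <= 0:
            fallback("KEEPALIVE_TIME", 0, "disables the keep alive check")
        elif mins < 5 or mins > 120:
            fallback("KEEPALIVE_TIME", 120, "is outside 5-120 minutes")
        else:
            eff["KEEPALIVE_TIME"] = mins
    passive = ("PASSIVE_PORT_MIN", "PASSIVE_PORT_MAX")
    for name in passive:
        if name in raw:
            port = to_int(raw[name])
            if port is not None and 1 <= port <= 65534:
                eff[name] = port
            else:
                fallback(name, DEFAULTS[name], "is not a port in 1-65534")
    if eff["PASSIVE_PORT_MIN"] > eff["PASSIVE_PORT_MAX"]:
        # Only reachable when both values were set and individually valid.
        for name in passive:
            fallback(name, DEFAULTS[name], "makes the minimum exceed the maximum")
    if "ANONYMOUS_HOME" in raw:
        if ":" in raw["ANONYMOUS_HOME"]:
            eff["ANONYMOUS_HOME"] = raw["ANONYMOUS_HOME"]
        else:
            fallback("ANONYMOUS_HOME", "sys:/public", "has no volume colon")
    if raw.get("PSEUDO_PERMISSIONS", "").upper() == "ON":
        eff["PSEUDO_PERMISSIONS"] = "ON"
        for name in ("PSEUDO_FILE_PERMISSIONS", "PSEUDO_DIR_PERMISSIONS"):
            value = raw.get(name)
            if value is None:
                continue
            if value.isdigit() and len(value) <= 3 and all(c <= "7" for c in value):
                eff[name] = value
            else:
                fallback(name, DEFAULTS[name], "is not a three digit octal value")
    return eff, notes

def audit(text):
    return effective(parse_cfg(text))

if __name__ == "__main__":
    settings, notes = audit(SAMPLE_CFG)
    for note in notes:
        print("FALLBACK:", note)
    print(settings)
```

In the sample, a passive port range typed as 50100 to 50000 ends up as 1 to 65534, which is the case to check against the firewall rules written for that range.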


Configuring Using NPS Gadgets 


You can use the NPS Gadgets management utility that NetWare 6.5 provides to configure the 
NetWare FTP Server. 


Installing FTP Admin Gadget 


Meet the following requirements for the FTP Admin gadget to get installed in iManager:
* Apache Web Server is selected during the NetWare 6.5 install.
* iManager 2.0 is selected during the NetWare 6.5 install.


For more information about installing iManager 2.0, refer to the Installing Novell iManager
section in the Novell iManager 2.0 Administration Guide available with this release.


Configuring FTP Server Settings

1 Click the FTP Server link in iManager to launch the FTP Server Administration screen.


You can view the General, User, Security and Log tabs where you can configure NetWare FTP 
Server. 


2 Select the General tab to modify the FTP General parameters. 
Figure 1 General tab

Use the General tab to modify parameters related to Multiple Instances, FTP Session, Firewall
Port Limits for passive connections, and Pseudo permissions.


3 Select the User tab to modify the FTP User settings. 


Figure 2 User tab 
Use this tab to modify parameters for FTP login and Anonymous access.


4 Select the Security tab to modify Intruder Detection parameters such as Host and User Intruder
Detection Settings.


Figure 3 Security tab


5 Select the Log tab to view FTP log files on the server.


Figure 4 Log Settings screen 
6 For more information on the parameters, refer to the online help.


7 Click Save to save your settings or click Cancel to retain the previous settings.
Managing and Administering


This chapter discusses the following topics:
* “Starting NetWare FTP Server” on page 21
* “Using the NetWare FTP Server from an FTP Client” on page 22
* “Administering” on page 28


Starting NetWare FTP Server 


Load the NetWare® FTP Server software from the NetWare server using the following command: 


nwftpd 


When you start the software, the NetWare FTP Server uses the IP address of the host 
(HOST_IP_ADDR) and the port number (FTP_PORT), as defined in sys:/etc/ftpserv.cfg, the 
default configuration file, to bind to and listen for FTP client connection requests. 


If these parameters are not defined in the configuration file, the NetWare FTP Server binds to all 
configured network interfaces and the standard FTP ports (port number 21). 


To start the NetWare FTP Server software with a different configuration file (for example, 
myconfig.cfg), enter the following at the command line: 


nwftpd -c [volname: [/dirname/...]]myconfig.cfg 


Default directory = sys:/etc. Default volume = sys:


Dynamic Configuration Updates 


The nwftpd command supports dynamic configuration updates by default. This means that
changes made to the configuration file with which the server was loaded take effect dynamically;
the administrator need not unload and reload the server for the changes to take effect.


Disabling Dynamic Configuration Updates 
To disable the dynamic configuration updates, use the following format: 


nwftpd [-c [volname: [/dirname/...]]myconfig.cfg] -d 


Creating an Anonymous User 


NetWare FTP Server software supports an anonymous user account. This account provides users
access to public files. You can enable or disable access to the anonymous user account by setting
the ANONYMOUS_ACCESS parameter in the configuration file. By default, the parameter is set
to No. Specify the path of the anonymous user's home directory in the ANONYMOUS_HOME
parameter of the configuration file.

For more details, see Table 4, “Anonymous User Access Parameters,” on page 11.

To create an anonymous user, use the following format:


nwftpd -a [-c [volname: [/dirname/...]]myconfig.cfg]


Using -a option


When you use the -a option, NetWare FTP Server does the following: 


1. Creates the anonymous user, creates the home directory (if it is not available), and assigns the 
rights to the directory. 


2. On-screen prompts are displayed to enter the administrator name and password. The 
anonymous user is created in the eDirectory tree at the default context. 


3. The -a option modifies the configuration file for anonymous user access. 


However, it does not start the NetWare FTP Server. To start the NetWare FTP Server after this 
change, reload nwftpd. 


4. The configured anonymous home directory displays on the screen with an option to modify it. 


5. If the administrator does not specify a home directory, then the default directory is taken. The
anonymous user has only Read and File Scan rights to the default directory. If the
administrator specifies the anonymous home directory, then the directory is created and the
anonymous user can have Read, File Scan, Create, Delete, and Modify rights to that directory.


6. The server takes the anonymous user home directory from the configuration file and displays
it on the screen with the option to modify the directory.


Rights


When you manually create the anonymous user using a method other than nwftpd -a, ensure that 
the anonymous user has adequate rights to the anonymous home directory configured in the FTP 
Server. If adequate rights are not given, the file operations for the anonymous user might fail. 


Password 


The FTP Server assigns a blank password to the anonymous user. When the anonymous user 
attempts to log in, even though the FTP server gets an e-mail account as password, the anonymous 
user is logged on using a blank password. 


The anonymous user login succeeds in the following conditions: 
* When you create the anonymous user using nwftpd -a. 


* When you manually create the anonymous user and assign a password, but leave it blank. 


The anonymous user login fails when you manually create the anonymous user and, when doing
so, either assign a password that is not blank or do not assign a password. This is because the FTP
Server expects a blank password for the anonymous user.


Using the NetWare FTP Server from an FTP Client 
This section discusses the following:
* “Starting an FTP Session” on page 23
* “Paths Formats” on page 26
* “Accessing a Remote Server” on page 25
* “Site Commands” on page 26
* “Name Space and Filenames” on page 27


Starting an FTP Session 


To start an FTP session from a workstation running the FTP client software use the following 
format: 


ftp hostname | IP Address [Port Number] 


Parameter: hostname | IP Address
Description: Name of the server in the DNS or IP address of the NetWare server running the FTP service.

Parameter: Port Number
Description: The port where the server is listening for connection requests.
Use this parameter only when connecting from UNIX or Linux clients.


When you enter this command, the FTP client prompts for a username and password. 


Logging In to the eDirectory Tree 


You can log in to the NetWare FTP Server in one of the following ways:


* Specify the username with full context, including a leading dot (.).

For example,

.user1.sales.company


If you do not specify the context, the NetWare FTP Server searches for the user only in the
current session context.


* Specify the context relative to the default context (which is the context of the NetWare server
where FTP is running). Relative contexts do not include leading dots.


For example, if the default context of NetWare FTP Server is .company, then user1
located in the .sales.company container can log in using the following format:


user1.sales


When logging in for the first time with only a username, without specifying the context, the
NetWare FTP Server searches for the user in the following sequence:


1. Default FTP context.

2. The first bindery context of the server, if it is set.

3. The context of the NetWare server object, if the bindery context is not set.

4. The contexts listed in the SEARCH_LIST parameter of the configuration file ftpserv.cfg,
in the order listed.
When a user login is successful, the NetWare FTP Server context gets set to the user's context.
Therefore, when a user is logged in to an FTP session and decides to authenticate as another user
(without specifying a context) with the command USER username, this new username is searched
for under the context of the user previously logged in successfully. If the user is not found here,
the user is searched in the order of contexts listed in the SEARCH_LIST parameter of ftpserv.cfg.


If a user with an expired password attempts to log in to the NetWare FTP Server, a message stating
that the password has expired displays after the user logs in. Logging in with an expired password
uses the grace logins. If all the grace logins of the user expire, the user cannot log in and receives
an error message.
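The search order described above means the same bare username can resolve to different eDirectory objects depending on session state. The following added example (not Novell code) builds the list of fully distinguished names tried for a login string and resolves it against a constructed tree. Assumptions: relative contexts are resolved against the effective default FTP context, names compare case-insensitively, and all function and parameter names are hypothetical.

```python
"""Order in which a login string is resolved to an eDirectory user (model of the rules above)."""

def fdn(name, context):
    """Join an object name and a context into a fully distinguished name."""
    return "." + name.strip(".") + "." + context.strip(".")

def candidates(login, server_context, default_ftp_context=None,
               bindery_context=None, search_list=(), session_context=None):
    """Return the FDNs tried for a login string, in order."""
    # Bindery context if set, otherwise the context of the server object.
    fallback = bindery_context or server_context
    # DEFAULT_FTP_CONTEXT, or the fallback when it is not set.
    default = default_ftp_context or fallback
    if login.startswith("."):
        return [login]                      # full context given
    if "." in login:
        return [fdn(login, default)]        # relative context
    if session_context:
        # USER issued inside a session: previous user's context, then SEARCH_LIST.
        contexts = [session_context, *search_list]
    else:
        # First login with a bare username.
        contexts = [default, fallback, *search_list]
    ordered = []
    for context in contexts:
        name = fdn(login, context)
        if name.lower() not in [n.lower() for n in ordered]:
            ordered.append(name)
    return ordered

def resolve(login, tree, **settings):
    """Return the first candidate that exists in the tree, or None."""
    known = {name.lower(): name for name in tree}
    for name in candidates(login, **settings):
        if name.lower() in known:
            return known[name.lower()]
    return None

# Constructed tree and settings for this example.
TREE = [".user1.sales.company", ".user1.eng.company", ".bob.sales.company"]
SETTINGS = dict(server_context=".company",
                search_list=[".eng.company", ".sales.company"])

if __name__ == "__main__":
    print(resolve("user1", TREE, **SETTINGS))
    print(resolve("user1", TREE, session_context=".sales.company", **SETTINGS))
    print(resolve("user1.sales", TREE, **SETTINGS))
```

Audit log entries for a bare username are therefore ambiguous unless the session's previous login is known; a username given with a leading dot resolves to exactly one object.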


User Home Directory 


After the user logs in, the NetWare FTP Server places the user in the user's eDirectory home
directory (if defined) and attaches the user to the server where the home directory resides.


If the home directory is not defined or cannot be located, the NetWare FTP Server places the user
in the default user home directory specified in the configuration file.


To specify the name of the server where the default user home directory is located, use the
DEFAULT_USER_HOME_SERVER parameter. If the parameter is not specified, by default the
NetWare FTP Server considers the default user home directory to be on the server where the
NetWare FTP Server is running.


A user is placed in the default user home directory under the following conditions:
* If IGNORE_HOME_DIR = Yes.
* If IGNORE_REMOTE_HOME = Yes, and the user’s home directory is on a remote server.
* If the remote server on which the home directory exists is down.


Logging In to Server running an IBM Operating System 


To log in to a remote Server running an IBM Operating System, the user must have a user account 
in that server. 


To log in to the IBM server from FTP client, start an FTP session using FTPHost. Give the 
username in the following format: 


@IBMservername. username 


To log in to an IBM server from a browser, use the following format: 


ftp //+IBMserver+username :password@FTPHost 


To log in as an anonymous user, the user name and password can be omitted: 


ftp //+IBMservername@FtpHost 
After logging in to an IBM server, the user is placed in the home directory of that IBM server. 


While logging in to an IBM server, the user is not authenticated to the eDirectory tree. So, 
navigation between IBM servers and eDirectory servers is not possible. 


Security Extensions 


Security extensions enable secure FTP clients that support the SSL mechanism to establish secure
connections with the server.


SSL is similar to the encryption system used by https web pages. It provides a secure method for
sending sensitive information across connections. The control and data connections are fully
encrypted so no one can view your commands or your password, as is possible with all
non-encrypted FTP sessions.


After successful negotiation of the SSL mechanism, all the commands and replies are encrypted. 


NetWare FTP Server supports the following mechanisms and commands related to security
extensions:


* SSL encryption mechanism
* Command channel encryption. Data channel encryption is not supported.
* The following security extension commands:
  * AUTH Mechanism Name
  * PBSZ Protection Buffer Size
  * PROT Protection Level


FTP Clients

To use security extensions, use FTP clients that support the SSL mechanism.
The following is a representative list of such FTP clients:

* SmartFTP V1.0

This is a browser based secure FTP client. You can download it from SmartFTP Website
(http://www.smartftp.com).


* ftps

This is a command line FTP client from FreeBSD* that can be installed in Windows and
UNIX machines. You can download it from BSDFTPD-SSL website (http://bsdftpd-ssl.sc.ru).


* Secure FTP 2

This is a command line Secure FTP client. You can download it from GlubTech Inc website
(http://www.glub.com/products/secureftp/download.shtml).


Accessing a Remote Server 


The remote server can be another NetWare server or an IBM server, provided they are in the same 
tree. 


The double slash (//) indicates that the user wants to access a remote server. After the double slash,
the first entry must be the name of the remote server.

Navigating to eDirectory Servers


After logging in to the eDirectory tree, users can access files and directories on a remote NetWare 
server whether or not the server is running Novell FTP Server software. 


The NCP™ protocol lets you transfer files and navigate to and from remote eDirectory servers. 

Figure 5 How a NetWare FTP Server Accesses Remote NetWare Servers

To navigate to remote servers, use the following format:

cd //remote_server_name/volume/directory_pathname


File operations such as get, put, and delete can be used on the remote server, even without changing
the directory path to that server. For example:

get //remote_server_name/volume/directory_path/filename

If the current directory is on a remote server and the remote server goes down, the user is placed
in the home directory on the home server. If the home server is not available, the user is placed in
the default user home directory.


Path Formats

Task                                             Command Format
Specifying the volume and directory path name    //server_name/volume_name/directory_path
Navigating to different volumes                  cd /volume_name
Switching back to the home directory             cd ~
Switching to home directory of any user          cd ~user_name

Site Commands


The SITE command enables FTP clients to access features specific to the NetWare FTP Server. 


The SITE command has the following syntax: 


SITE [SLIST | SERVER | HELP | CX {CONTEXT} | LONG | DOS | OU]

NOTE: The settings made through SITE commands are valid only for the current session.

These commands are unique to the NetWare FTP service and are not standard FTP commands.


The following table provides the list of quote site commands along with their descriptions: 


Command    Description

SLIST      Lists all the NetWare servers within the eDirectory tree.

SERVER     Lists all NetWare servers in the current eDirectory context and its sub-OUs.

           For example, SITE SERVER displays all NetWare servers in the current context.

HELP       Displays the help file related to the QUOTE SITE commands. It gives the syntax and
           description of all SITE commands.

CX         CX without a context displays the current context of the NetWare FTP Server.

           CX with a context as an argument sets the current eDirectory context to a given
           value. For example:

           To change to an OU named "test" within the current context, use "cx ou=test" (which
           specifies a relative context).

           cx .ou=test.o=acme sets the context to the OU test using the absolute context.

           CX with the argument ~ resets the context back to the user’s context.

OU         Displays all the organizational units relative to the current context.

           OU enables users to display the eDirectory organizations (containers) below the
           current eDirectory context.

LONG       Changes the configured name space to the LONG name space.

DOS        Changes the configured name space to the DOS name space. This change takes place
           only for the current session. All NetWare volumes support the DOS name space.

Name Space and Filenames


NetWare FTP Server software supports DOS and LONG name space. The default name space is 
configured in the configuration file. FTP users can also change it dynamically using the QUOTE 
SITE DOS command or the QUOTE SITE LONG command. 


NOTE: A name space changed using the QUOTE SITE command is in effect only in the current session.

The default configured name space is LONG.

When the user changes the name space, the change affects only those volumes that support the
specified name space. If the LONG name space is not supported on a specific volume, users must
follow the DOS file naming conventions of using no more than eight characters for the name plus
no more than three additional characters for the extension.

In both name spaces, the user views the response to ls or dir in the NetWare format only.
The format of the directory listing is as follows:


type rights owner size time name 

where the above variables stand for:

* Type: Type of file, where (-) indicates a file and (d) indicates a directory.
* Rights: The file owner's effective NetWare rights of this file or directory.
* Owner: NetWare user who created this file or directory. In case the mapping of objects and
  the owner's name is not found, the object ID is displayed.
* Size: The size, in bytes, of the file or directory. In case of a directory, it is always 512.
* Time: The modification date and time of the file or directory.
* Name: The name of the file or directory in the current name space.


Administering 


This section discusses administering the NetWare FTP Server in the following areas:

* “Initializing Multiple Instances of the NetWare FTP Server”
* “Managing Intruder Detection”
* “Specifying Access Restrictions”
* “Creating Anonymous User Access”
* “FTP Log Files”
* “Viewing Active Sessions”


Initializing Multiple Instances of the NetWare FTP Server 

Multiple instances of the NetWare FTP Server can run on a single machine with different IP
addresses or port numbers.


You can initialize multiple instances of the NetWare FTP Server, if each instance of the NetWare 
FTP Server has a unique IP address and port number combination. Each NetWare FTP Server 
instance can have its own configuration file and access restrictions file, and can listen on different 
IP addresses and port numbers. 


The NetWare FTP Server uses the IP address of the host (HOST_IP_ADDR) and the port number 
(FTP_PORT) as defined in the configuration file to bind to and listen for FTP client connection 
requests. You can specify the configuration file while starting the NetWare FTP Server. If these 
parameters are not defined in the configuration file, the NetWare FTP Server listens to the standard 
FTP port number on all of the NetWare Server's IP addresses. 


For more details, see Table 1, “Multiple Instances Parameters,” on page 10. 

Managing Intruder Detection

You can enable either host intruder detection or user intruder detection at a time.

For example, INTRUDER_HOST_ATTEMPTS can be disabled (set to 0) while
INTRUDER_USER_ATTEMPTS is enabled (set to 1 or higher).


If a successful login takes place before the maximum specified number of unsuccessful login 
attempts, the login failures count is reset to 0. 


If the number of invalid login attempts by a user or host is less than the maximum attempts
allowed, and the user or host has not been detected as an intruder, the entry is removed from the
corresponding list after the refresh time of 72 hours.

The intruder host and intruder user lists are refreshed every 72 hours.


Host Intruder Detection 


A host or a client machine is considered an intruder when the number of consecutive login failures
for any user from that host is more than the configured limit set by the
INTRUDER_HOST_ATTEMPTS parameter.

What happens when the Host is Identified as an Intruder?

* The Server closes the session.
* The host machine’s access to the NetWare FTP Server is denied for the time interval specified by
  the HOST_RESET_TIME parameter in the configuration file.


User Intruder Detection 


A user is considered an intruder when the number of unsuccessful login attempts is more than
the number specified by the INTRUDER_USER_ATTEMPTS parameter in the configuration file.

All failed attempts for a user from different hosts are counted against the same user for intruder
detection. When the accumulated attempts for the same user from different hosts exceed the
maximum attempts, that user is detected as an intruder.

What happens when the User is Identified as an Intruder?

* The user account is locked out for the interval of time specified by the USER_RESET_TIME
  parameter in the configuration file.
* The user cannot log in from a different host until the reset time is over.
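
The host and user counters described above, modelled as an added Python example (not NetWare FTP Server code) to show which login pattern each counter catches. The class and function names are hypothetical; time is counted in abstract minutes, a successful login is assumed to clear both the host's and the user's failure count, and the 72-hour list refresh is left out.

```python
class IntruderTracker:
    """Toy model of the host and user intruder counters (assumed semantics)."""

    def __init__(self, host_attempts=0, user_attempts=0,
                 host_reset_time=5, user_reset_time=10):
        self.host_attempts = host_attempts    # INTRUDER_HOST_ATTEMPTS, 0 = disabled
        self.user_attempts = user_attempts    # INTRUDER_USER_ATTEMPTS, 0 = disabled
        self.host_reset_time = host_reset_time
        self.user_reset_time = user_reset_time
        self.host_failures = {}               # host -> consecutive failures
        self.user_failures = {}               # user -> failures from any host
        self.host_blocked_until = {}
        self.user_locked_until = {}

    def login(self, now, host, user, password_ok):
        """Process one login attempt at time `now`; return the outcome."""
        if self.host_blocked_until.get(host, 0) > now:
            return "host-denied"
        if self.user_locked_until.get(user, 0) > now:
            return "user-locked"
        if password_ok:
            # A success before the limit is reached resets the failure counts.
            self.host_failures.pop(host, None)
            self.user_failures.pop(user, None)
            return "ok"
        outcome = "failed"
        if self.host_attempts:
            n = self.host_failures[host] = self.host_failures.get(host, 0) + 1
            if n > self.host_attempts:        # "more than the configured limit"
                self.host_blocked_until[host] = now + self.host_reset_time
                self.host_failures.pop(host)
                outcome = "host-intruder"
        if self.user_attempts:
            n = self.user_failures[user] = self.user_failures.get(user, 0) + 1
            if n > self.user_attempts:
                self.user_locked_until[user] = now + self.user_reset_time
                self.user_failures.pop(user)
                outcome = "user-intruder"
        return outcome


def one_host_many_users():
    """Host detection only: one client fails against four different accounts."""
    t = IntruderTracker(host_attempts=3)
    host = "192.0.2.7"                        # constructed sample address
    out = [t.login(i, host, u, False)
           for i, u in enumerate(["alice", "bob", "carol", "dave"])]
    out.append(t.login(4, host, "alice", True))   # still inside HOST_RESET_TIME
    out.append(t.login(9, host, "alice", True))   # after HOST_RESET_TIME
    return out


def one_user_many_hosts():
    """User detection only: four clients each fail once against one account."""
    t = IntruderTracker(user_attempts=3)
    out = [t.login(i, f"192.0.2.{i + 1}", "alice", False) for i in range(4)]
    out.append(t.login(5, "198.51.100.9", "alice", True))   # locked from any host
    out.append(t.login(13, "198.51.100.9", "alice", True))  # after USER_RESET_TIME
    return out


def success_resets_count():
    """Three failures, one success, three more failures: no lockout."""
    t = IntruderTracker(user_attempts=3)
    steps = [False, False, False, True, False, False, False]
    return [t.login(i, "192.0.2.7", "alice", ok) for i, ok in enumerate(steps)]


if __name__ == "__main__":
    print(one_host_many_users())
    print(one_user_many_hosts())
    print(success_resets_count())
```

With only one of the two counters enabled, the other pattern passes unnoticed by the server, so the intruder log is the remaining place to look for it.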


Specifying Access Restrictions 


Restriction Levels 


The FTP service lets you specify access restrictions for a user, a client host, and the IP address of 
a client host. The access restrictions are specified in the restrictions file, RESTRICT_FILE, that 
can be configured. You can specify the access restrictions at various levels and multiple access 
rights are allowed. 


The following table describes the supported levels of access restrictions. 

Restriction Level    Description

Container            Restriction can be specified for any eDirectory container. This controls all
                     the users in that container and its sub-OUs.

                     *container_name

                     The asterisk (*) indicates the container level restriction. The container
                     should be a fully distinguished name.

User                 Restriction can be specified for a particular user.

                     .user_name

                     The period (.) indicates user level restriction. The username should be a
                     fully distinguished name.

Domain               Restriction can be specified at the domain level. This controls all the hosts
                     in that domain and its sub domains. The following is the RESTRICT file format:

                     DOMAIN=domain_name

                     The DOMAIN= key word indicates the domain level restriction.

                     The domain restrictions do not work if the NetWare server is not configured
                     to query a valid DNS server, or if the restricted domain’s DNS database does
                     not contain a pointer record (address to name resolution) for the FTP client
                     address.

Address Range        Restriction can be specified based on the IP address or range.

                     Restricts any node that has the IP Address within the specified IP address
                     range.

                     The range is specified by two IP addresses separated by a space. The range =
                     0.0.0.0 to 255.255.255.254.

                     The value 255.255.255.255 is invalid since 255.255.255.255 is a broadcast
                     address and not supported for ADDRESS_RANGE.

Host                 Restriction can be specified for a particular host machine.

                     ADDRESS=host_name/IP_address

                     The ADDRESS= key word indicates the host level restriction. The host name or
                     IP address of the host can be specified.

                     The DNS configuration should be proper for address and domain name
                     restrictions.


Access Rights 


The following table describes the permitted access rights. 


Access Right    Description

DENY            Denies access to the NetWare FTP Server for that client.

READONLY        Gives read-only access to the client.

NOREMOTE        During login, the NetWare FTP Server determines the user's home server / home
                directory. The user is unable to navigate outside the home server.

                NOTE: The home server can be different from the server where NetWare FTP Server
                is running.

GUEST           During login, the NetWare FTP Server determines the user's home server / home
                directory. The user is unable to navigate outside of the home directory.

                NOTE: The home server can be different from the NetWare FTP Server.

ALLOW           Gives normal FTP access without restriction.


Keywords

The following table describes the possible keywords.

Keyword           Description

ADDRESS=          Restricts a particular node. The IP address or machine name can be used.

DOMAIN=           Restricts a particular Domain.

                  The asterisk (*) should be used for container level restrictions.

ADDRESS_RANGE=    Restricts a range of nodes based on the IP Address. It applies the restriction
                  to any node that has the IP Address within the specified IP address range.

ACCESS=           Is mandatory for each line. It should be followed by access rights.

Restrict File


The format and organization of the restrict file is as follows:

* Each line should have one entity name and corresponding access rights.
* The rights of the entities are assigned according to the order of the RESTRICT file. If different
  rights apply to the same entity, the rights from the entry that appears latest in the RESTRICT
  file are taken.
* All rights specified in the same line are applied to that entity.
* If the RESTRICT file does not exist or is empty, the ALLOW access is given to all users.
  Users have no restrictions other than those imposed by their own effective trustee rights to the
  file system.


Example 1

*.novell ACCESS=ALLOW
*.testou.novell ACCESS=DENY
.user1.testou.novell ACCESS=READONLY

User1 at testou is granted read-only rights. The other users at testou.novell are denied the right to
log in. However, all other OUs at .novell are allowed.

Example 2

*.testou.novell ACCESS=DENY
*.novell ACCESS=ALLOW

All OUs at .novell are allowed because both rights apply to testou and the later one is taken.

Example 3

ADDRESS=Clientmachine1.blr.novell.com ACCESS=NOREMOTE
.user1.novell ACCESS=READONLY

User1 logging in from clientmachine1 will have read-only and no remote access.

For more details, see Table 5, “Access Restrictions Parameters,” on page 12.
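
The ordering rules and Examples 1 to 3 above, worked through as an added Python sketch for auditing a restrict file before it is deployed (not NetWare FTP Server code; function names are hypothetical). It assumes one access right per ACCESS= keyword, that the last matching user or container line and the last matching host line are combined, that DENY overrides any other right, and that a login matching no line is allowed.

```python
import ipaddress
import re

RIGHTS = {"DENY", "READONLY", "NOREMOTE", "GUEST", "ALLOW"}
LINE = re.compile(r"^(?P<entity>.+?)\s+ACCESS=(?P<right>\w+)$", re.IGNORECASE)

# Examples 1 to 3 from the guide.
EXAMPLE_1 = """\
*.novell ACCESS=ALLOW
*.testou.novell ACCESS=DENY
.user1.testou.novell ACCESS=READONLY
"""
EXAMPLE_2 = """\
*.testou.novell ACCESS=DENY
*.novell ACCESS=ALLOW
"""
EXAMPLE_3 = """\
ADDRESS=Clientmachine1.blr.novell.com ACCESS=NOREMOTE
.user1.novell ACCESS=READONLY
"""


def parse_restrict(text):
    """Parse restrict-file text into (lineno, kind, value, right) tuples."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m or m["right"].upper() not in RIGHTS:
            raise ValueError(f"line {lineno}: expected '<entity> ACCESS=<right>'")
        entity, right = m["entity"].strip(), m["right"].upper()
        keyword, _, arg = entity.partition("=")
        keyword = keyword.upper()
        if entity.startswith("*"):                      # container level
            dn = entity[1:].strip().lower()
            dn = dn if dn.startswith(".") else "." + dn
            entries.append((lineno, "container", dn, right))
        elif entity.startswith("."):                    # user level
            entries.append((lineno, "user", entity.lower(), right))
        elif keyword == "ADDRESS_RANGE":                # two IPs, space separated
            low, high = (ipaddress.IPv4Address(a) for a in arg.split())
            entries.append((lineno, "range", (low, high), right))
        elif keyword in ("ADDRESS", "DOMAIN"):
            entries.append((lineno, keyword.lower(), arg.strip().lower(), right))
        else:
            raise ValueError(f"line {lineno}: unknown entity {entity!r}")
    return entries


def _covers(container, dn):
    """True if dn lies in the container or one of its sub-OUs."""
    return dn.endswith(container)


def effective_rights(entries, user_dn, client_ip, client_host=None):
    """Resolve the rights for one login; later matching lines win."""
    user_dn = user_dn.lower()
    ip = ipaddress.IPv4Address(client_ip)
    # client_host is the reverse-DNS name; None models a missing pointer record.
    host = client_host.lower() if client_host else None
    user_side = host_side = None
    for _, kind, value, right in entries:
        if kind == "user" and value == user_dn:
            user_side = right
        elif kind == "container" and _covers(value, user_dn):
            user_side = right
        elif kind == "range" and value[0] <= ip <= value[1]:
            host_side = right
        elif kind == "address" and value in (str(ip), host):
            host_side = right
        elif kind == "domain" and host and (host == value or host.endswith("." + value)):
            host_side = right
    rights = {r for r in (user_side, host_side) if r}
    if "DENY" in rights:
        return {"DENY"}
    rights.discard("ALLOW")
    return rights or {"ALLOW"}


def shadowed_lines(entries):
    """Line numbers of user/container entries overridden by a later container line."""
    hits = []
    for i, (lineno, kind, value, _) in enumerate(entries):
        if kind not in ("user", "container"):
            continue
        if any(k == "container" and _covers(v, value) for _, k, v, _ in entries[i + 1:]):
            hits.append(lineno)
    return hits


if __name__ == "__main__":
    print(effective_rights(parse_restrict(EXAMPLE_1), ".user1.testou.novell", "192.0.2.10"))
    print(shadowed_lines(parse_restrict(EXAMPLE_2)))  # line 1, the DENY, never applies
```

Running `shadowed_lines` over a restrict file flags the Example 2 mistake, where a broad ALLOW placed after a narrower DENY silently cancels it.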


Creating Anonymous User Access 


NetWare FTP Server software supports an anonymous user account. This account provides users
access to public files.

You can enable or disable access to the anonymous user account by setting the
ANONYMOUS_ACCESS parameter in the configuration file. By default, the parameter is set to
No. Specify the path of the anonymous user's home directory in the ANONYMOUS_HOME
directory parameter of the configuration file.

To create an anonymous user account, load the NetWare FTP Server with the -a option. This
creates the anonymous user, creates the home directory (if it is not available), and assigns access
rights to the anonymous user. The administrator name and password are then taken from the screen
and the anonymous user is created in the eDirectory tree at the default context. Also, the
configured anonymous home directory is displayed on the screen with an option to modify it.

If the administrator does not specify a home directory, then the default directory is taken. The
anonymous user has only Read and File Scan rights to the default directory. If the administrator
specifies the anonymous home directory, then the directory is created and the anonymous user can
have Read, File Scan, Create, Delete, and Modify rights to that directory.

For more details, see Table 4, “Anonymous User Access Parameters,” on page 11.

FTP Log Files

The NetWare FTP Server has four log files for recording different activity information. All the log
files are created in the FTP_LOG_DIR directory specified in the configuration file.

The LOG_LEVEL parameter defined in the configuration file controls the number and type of
information logged.

Specifying Log Levels

The log levels are bit values that can be given in any combination.

* 1 = ERROR
* 2 = WARNING
* 4 = INFO

Log Level Combination      Logged
LOG_LEVEL = 3              Error messages and warning messages.
LOG_LEVEL = 4              Error messages and warning messages.
LOG_LEVEL = 7 (Default)    All messages are logged.

The NUM_LOG_MSG parameter specifies the maximum number of messages that are logged into
each of the log files. After this limit is exceeded, the log files are overwritten and the old messages
are lost.

Statistics Log File

The statistics log file contains details of all active sessions. The default path is
sys:/etc/ftpstat.log.

The statistics log file maintains the following three record types. Every record type is separated
by a comma.

* TRANSFER: Contains information related to the data transfer.
* USER: Contains information related to users logged in/out.
* FAILURE: Contains information about the number of failures during data transfer.

Intruder Log File

The intruder log file contains information about unsuccessful login attempts. The default path is
sys:/etc/ftpintr.log.

The following information is recorded in the file:

* The address of the machine where the login originated
* The time of the attempted access
* The login name of the user

The general intruder log format is:

ErrorLevel: Date Time : Client IPaddress : UserName : message

System Log File


System log file contains all the internal system-related information encountered by the NetWare 
FTP Server. 


The general system log file format is:

Error: Thread ID: Date Time: Message

For more details, see Table 10, “FTP Logs Parameters,” on page 15. 


Viewing Active Sessions 


To load the Active Sessions display utility, enter:

ftpstat [-p port number]


The server takes a port number that the HTTP browser should connect to in order to view the 
NetWare FTP active sessions. The default port is 2500. 


You can view session-based details such as bytes sent, bytes received, session duration, files sent, 
files received, and current Novell® eDirectory™ context. 


These details are not tied to individual user logins. 

Configuring with Cluster Services


To configure NetWare® FTP Server with Novell® Cluster Services™, NetWare FTP Server must 
be installed on each server in your cluster that will run it. 


NetWare FTP Server is selected by default during the NetWare 6.5 installation, and might already 
be installed. 


Preparing to Cluster Enable 


The configuration file ftpserv.cfg is created by default during the NetWare FTP Server installation 
and is placed in the sys:\etc directory. A separate ftpserv.cfg file exists for each NetWare FTP 
Server that is installed on the cluster. 


Each ftpserv.cfg file contains a line that specifies the IP address assigned to the NetWare FTP 
Server. By default, the IP address assigned to the NetWare FTP Server is the same IP address that 
is assigned to the NetWare server where the NetWare FTP Server resides. 


Editing Configuration File 


Edit the configuration file, ftpserv.cfg, and make the following changes:

1 Change the HOST_IP_ADDR line to assign a separate unique IP address to the NetWare FTP
  Server.

  By assigning a unique IP address to the NetWare FTP Server, you enable it to bind to the
  unique IP address instead of to the IP address of the local host and move with the NetWare
  FTP Server during failover and failback.

  For example, if the unique IP address you want to assign to the NetWare FTP Server is
  123.45.67.012, the line would read as follows:

  HOST_IP_ADDR=123.45.67.012

2 Change the DEFAULT_USER_HOME line to specify the user home directory and volume on
  the shared disk system.

  For example, if the user home directory on the shared volume is share1:/home, the line would
  read as follows:

  DEFAULT_USER_HOME=share1:home

The ftpserv.cfg also contains a line that specifies the default home directory for FTP users. This
home directory must reside on a volume on the shared disk system. Cluster-enabling the volume
where the home directory resides is not required.

Running in Active/Active and Active/Passive Modes

NetWare FTP Server can be run in ACTIVE/ACTIVE and in ACTIVE/PASSIVE modes.

Mode: Active/Active
Functionality: NetWare FTP Server runs simultaneously on multiple servers in the cluster. When a
Web server fails, the FTP sites on that server fail over to other FTP servers in the cluster.
Only FTP sites move.
Remarks: Provides faster recovery after a failure. We recommend running NetWare FTP Server in
this mode.

Mode: Active/Passive
Functionality: NetWare FTP Server runs on only one node in the cluster at a time. When a Web
server fails, NetWare FTP Server starts on other specified nodes in the cluster, and the FTP sites
that were on the failed server fail over to other nodes in the cluster.
Remarks: Marginally slower because NetWare FTP Server has to load on other servers in the
cluster before FTP sites can fail over.

Configuring Active/Active Mode


Running FTP Server in ACTIVE/ACTIVE mode is required if you plan to run more than one FTP 
Server on the same NetWare server. 


Each FTP server must have its own configuration file with a unique name which specifies the FTP 
server's IP address and shared volume directory. 


1 Launch NetWare FTP Server from the autoexec.ncf file of each NetWare server in the cluster
  that will run NetWare FTP Server.

2 In the autoexec.ncf file of each NetWare server in the cluster that will run NetWare FTP Server
  in ACTIVE/ACTIVE mode, add the following lines in the order specified.

  ADD SECONDARY IPADDRESS A.B.C.D NOARP
  NWFTPD
  LOAD DELAY.NLM
  DELAY 5
  DEL SECONDARY IPADDRESS A.B.C.D

  Replace A.B.C.D with the unique IP address you assigned the NetWare FTP Server.

  If you are running multiple FTP servers on your cluster, repeat the ADD and DEL
  SECONDARY IPADDRESS lines for each FTP server, because each FTP server requires its
  own IP address.


Example 


If you have three FTP servers on the cluster: 


1 Create three configuration files named ftpserv1.cfg, ftpserv2.cfg, and ftpserv3.cfg. 


2 Copy them to the sys:\etc directory of each NetWare server in the cluster that will run the FTP
  Servers.

  Each configuration file contains the IP address and shared volume directory for its
  corresponding FTP server.

3 Add the following lines to the autoexec.ncf file of each server in the cluster that will run the
  three FTP servers in active/active mode:

  ADD SECONDARY IPADDRESS A1.B1.C1.D1 NOARP
  ADD SECONDARY IPADDRESS A2.B2.C2.D2 NOARP
  ADD SECONDARY IPADDRESS A3.B3.C3.D3 NOARP
  NWFTPD -C FTPSERV1.CFG
  NWFTPD -C FTPSERV2.CFG
  NWFTPD -C FTPSERV3.CFG
  LOAD DELAY.NLM
  DELAY 5
  DEL SECONDARY IPADDRESS A1.B1.C1.D1
  DEL SECONDARY IPADDRESS A2.B2.C2.D2
  DEL SECONDARY IPADDRESS A3.B3.C3.D3

  delay.nlm provides enough time for the FTP server to load before the secondary IP addresses
  are deleted. To ensure that enough time is allotted, alter the delay time.

For more details, see Novell Cluster Services Overview and Installation
(http://www.novell.com/documentation).


2 After NetWare FTP Server is installed, you must create and configure a NetWare FTP Server
  resource in Novell Cluster Services for each FTP server that will run in your cluster.

  This includes configuring load and unload scripts; setting Start, Failover, and Failback modes;
  and assigning the NetWare FTP Server resource to specific nodes in your cluster.

IMPORTANT: When you configure NetWare FTP Server to run in the Active/Passive mode, make sure
to comment out the nwftpd entry in autoexec.ncf. Also, before you bring the resource online, execute
unload nwftpd to bring down the FTP service already running.


Creating a Cluster Volume Object 


Before starting to use NetWare FTP Server with cluster support, create a shared volume and a 
Cluster Volume object. 


1 Create a shared volume using NWCONFIG > NSS volumes. 
2 Create a Cluster Volume object in ConsoleOne. 
2a Select the Cluster object. 
2b Click File > New > Cluster > Cluster Volume. 
2c Browse and select the shared volume. 
2d Enter the secondary IP address or the virtual IP address associated with the cluster. 
The format for the address is: 
AAA.BBB.CCC.DDD 


2e Check the Define Additional Properties check box and click Create.
2f Set the Start, Failover, and Failback Modes.
2g Verify the order of the servers in the nodes list.
2h Click OK to save the changes to the Cluster Volume object.

IMPORTANT: After the shared volume servername_shared vol name is cluster-enabled, ConsoleOne
renames it to cluster object name_shared vol name.

ConsoleOne creates a virtual server associated with the shared volume called cluster object
name_shared vol name_SERVER.

ConsoleOne also creates a Cluster Volume object called shared vol name_SERVER in the Cluster object
container.


Configuring NetWare FTP Server Load and Unload Scripts 


Select and right-click the Cluster Volume object and then click Properties to find the Cluster
Resource Load Script and Cluster Resource Unload Script. Novell Cluster Services requires load
and unload scripts to start and stop the NetWare FTP Server.

1 Add nwftpd at the end of the existing load script.
2 Add unload nwftpd at the beginning of the existing unload script.

  Replace VOLUME in both the load and unload scripts with the name of the shared disk volume
  where webroot exists. Replace A.B.C.D with the secondary IP address assigned to the
  NetWare FTP Server cluster volume object. This is the IP address that moves with the
  NetWare FTP Server during failover and failback. The nwftpd command is omitted in
  Active/Active mode.


Setting NetWare FTP Server Start, Failover, and Failback Modes 

1 In ConsoleOne, double-click the cluster object container.
2 Right-click the cluster resource object shared vol name_SERVER and select Properties.
3 Click the Policies tab on the property page.
4 View or change the Start, Failover, or Failback mode.


The following table explains the different NetWare FTP Server resource modes. 


Mode: Start
Settings: AUTO, MANUAL
Description: AUTO allows NetWare FTP Server to automatically start on a designated server when
the cluster is first brought up.
MANUAL lets you manually start the NetWare FTP Server on a specific server whenever you want.
Default = AUTO

Mode: Failover
Settings: AUTO, MANUAL
Description: AUTO allows NetWare FTP Server to automatically move to the next server in the
Assigned Nodes list in the event of a hardware or software failure.
MANUAL lets you intervene after a failure occurs and before NetWare FTP Server is moved to
another node.
Default = AUTO

Mode: Failback
Settings: AUTO, MANUAL, DISABLE
Description: AUTO allows NetWare FTP Server to automatically move back to its preferred node
when the preferred node is brought back online.
MANUAL prevents NetWare FTP Server from moving back to its preferred node when that node is
brought back online until you are ready to allow it to happen.
DISABLE causes NetWare FTP Server to continue running in an online state on the node it has
failed to.
Default = DISABLE

NetWare FTP Server FAQs


This section discusses the FAQs that the users and system administrators might have while using 
NetWare® FTP Server. 


NetWare FTP Server FAQs 


When nwftpd.nlm is loaded, why does the message "Unable to find default configuration file
FTPSERV.CFG" display?

Explanation: This message displays when you load nwftpd.nlm without the -c option and when
ftpserv.cfg, the default configuration file, is not found in SYS:\ETC, the default directory.

Action: When loading nwftpd.nlm, use the -c option to specify the configuration filename in use and
include the complete path if this configuration file is not in the default directory SYS:\ETC.


When I load FTPServer, the message "FTPSERVER failed to bind to port" displays. What should I do?

Action: Check whether FTPServer is already loaded and is using the same port number. Also check if any
other application is running on the same port which FTPServer is trying to use. For information on
the valid port number range, refer to the FTP_PORT parameter in the default configuration file
(Default = sys:\etc\ftpserv.cfg).

The access restrictions specified in the restrictions file aren't working. What should I do?

Explanation: The restrictions will not work if the restriction file is not in the 8.3 format.

Action: Make sure that the restrictions file is in the 8.3 file format. Specify the DOS name assigned for the
new restriction file in the ftpserv.cfg.


Why am I not able to see the directory listing in my FTP client even after connecting to the NetWare FTP
server?

Explanation: The FTP client that you are using might be one which expects UNIX-like file permissions. The
NetWare FTP Server by default sends NetWare trustee rights along with the files and therefore this
may be incomprehensible to your FTP client.

Action: Set the PSEUDO_PERMISSIONS parameter to ON in the configuration file (Default =
sys:\etc\ftpserv.cfg). Set the PSEUDO_FILE_PERMISSIONS and
PSEUDO_DIR_PERMISSIONS parameters based on the kind of permissions you want to display
for files and directories respectively in the FTP client.


Why is the anonymous user not able to log on to the NetWare FTP server even after setting
ANONYMOUS_USER_ACCESS to on in the configuration file?

Explanation: The anonymous user might have been created manually using a method other than nwftpd -a.

Action: When creating the anonymous user this way, make sure that the anonymous user has been assigned a
blank password and also given proper access rights to the anonymous home directory.

Explanation: The anonymous user login expects an e-mail address as input for the password. While most FTP
servers check only for the at sign (@) in the password, the NetWare FTP server checks for the
at sign (@) followed by at least a single valid character.


I have an anonymous user account in the DEFAULT_FTP_CONTEXT. Though I am able to access my
anonymous account irrespective of the current context that I am in, why am I not able to do the same
for other user accounts present in the DEFAULT_FTP_CONTEXT?

Explanation: While all users are searched in the current session context and then also in the contexts specified
in the SEARCH_LIST, the anonymous user is always searched only in the
DEFAULT_FTP_CONTEXT irrespective of the current session context. The anonymous user is
never searched in the contexts specified in the SEARCH_LIST due to security reasons.

Action: If you want all your users present in a particular context to be able to log in irrespective of the
current session context, then include that context in the SEARCH_LIST parameter of the
configuration file.


Even after I load the FTP server, why am I not able to connect to it from my client?

Explanation: There must have been some problems while loading the FTP Server. (For example, another
application was using the same port). These problems are reported in the logger screen of the
NetWare Server.

Why are directory listing command options not working from my FTP client?

Explanation: The NetWare FTP Server does not support the directory listing command options such as ls -al.

Why is dynamic configuration of NetWare FTP Server not working?

Explanation: Dynamic configuration does not work if the configuration file, ftpserv.cfg, is modified using
Notepad or any application from a mapped drive.


NPS Gadgets User Interface 


Does the UI provide all invalid parameter handling that the ftpserv.cfg provides? 


Explanation: Most of the invalid parameter handling is done by the UI except for the following that will be 
resolved in the FCS release: 


General Tab 


* When the Disable Timeout check box is selected, the Session timeout parameter is not 
disabled. 


* Although the pseudo permission parameter is set to Off by default, the UI does not disable the 
parameters Pseudo file permissions and Pseudo directory permissions. 


This issue occurs only the first time you modify the Pseudo Permission parameter using 
the UI. 


User Tab 


* Although the Anonymous User access is disabled (not checked), you can edit the Anonymous 
user directory parameter and the Require e-mail for password check box. 

This issue occurs only the first time you modify the Pseudo Permission parameter using 
the UI. 


Security Tab 


* The UI does not check the valid value range for parameters related to Host Intruder Detection and 
User Intruder Detection. 


Action: Refer to the online help for valid values for the parameters. 


In the Log Tab, when I select a log file and click View, I get an error, and the FTP Server Administration 
page does not display. How can I proceed? 


Explanation: This error displays because the log file that you select is empty. 


Action: To continue administering FTP Server, select the FTP Server from the iManager roles and tasks. 
The navigation issue will be resolved in the FCS release. 


NetWare FTP Server Messages 


This section explains NetWare FTP Server messages along with possible causes and suggested 
actions to resolve the problem. 


NWFTPD Messages 


Failed to bind to FTP port 
Source: nwftpd.nlm 
Explanation: The port that the NetWare FTP Server is trying to bind is busy. 


Possible Cause: Another instance of the NetWare FTP Server or another application is bound to the port. 


Action: Unload the application that is bound to the port, or bind the NetWare FTP Server to a different port, 
or delete the busy port from TCPCON. 


Failed to initialize Anonymous user 
Source: nwftpd.nlm 
Explanation: The NetWare FTP Server failed to create an anonymous user. 
Possible Cause: Incorrect data was entered to create the user. 


Action: Enter nwftpd -a [-c [volname:[/dirname/...]]myconfig.cfg]. 


Failed to add Anonymous User object to NDS 
Source: nwftpd.nlm 
Possible Cause: The administrator user entered has insufficient rights. 


Action: When prompted for the name of the administrator, enter a user with sufficient rights. 


Failed to generate an ObjectKeyPair for the Anonymous User 
Source: nwftpd.nlm 
Possible Cause: The anonymous user entered has insufficient rights. 


Action: Ensure that the anonymous user has sufficient rights. 


Failed to open configuration file 
Source: nwftpd.nlm 
Possible Cause: The configuration file is not available at specified location. 


Action: Verify if the configuration file is available at the specified location. 


Unable to find default configuration file 
Source: nwftpd.nlm 
Possible Cause: Configuration file is not available at the default location (sys:/etc). 


Action: Verify if the configuration file is available at the default location. 


Unable to locate Anonymous user in default context 
Source: nwftpd.nlm 


Possible Cause: SYS:ETC\HOSTS has an incorrect or missing entry for its own server address and name, or the 
anonymous user does not exist at the NetWare FTP Server's context. 


Action: Verify that sys:etc\hosts contains an entry for its own server, in the format: 
ip_address servername 


Run nwftpd -a to create anonymous user and reload nwftpd. 


USAGE : nwftpd [-a] [-c <Config File>] [-d] 
Source: nwftpd.nlm 
Possible Cause: The user might have tried to load nwftpd.nlm with wrong usage. 

Action: To load FTP Server with the default configuration file, enter the following command: 
nwftpd 
To create the anonymous user, use the following command: 
nwftpd [-a] 
To load FTP Server with a specific configuration file, enter the following command: 
nwftpd [-c [volname:[/dirname/...]]myconfig.cfg] 
To disable dynamic configuration updates, enter the following command: 
nwftpd [-d] 


FTPUPGRD Messages 


Could not create the .cfg file. 
Source: FtpUpgrd.nlm 


Possible Cause: Configuration file does not exist for NetWare FTP Server upgrade, or the existing configuration 
file has read-only access. 


Action: Modify the file access if it is read-only or specify proper configuration file name with the 
following command: 


ftpupgrd [-c [volname:[/dirname/...]]myconfig.cfg] 


Could not create the NetWare FTP Server Restriction file. 
Source: FtpUpgrd.nlm 


Possible Cause: Restriction file does not exist for NetWare FTP Server upgrade, or existing Restriction file has 
read-only access. 


Action: Modify the file access if it is read-only or specify proper restriction filename. 


Failed to upgrade. 
Source: FtpUpgrd.nlm 


Possible Cause: Configuration file does not exist for NetWare FTP Server upgrade, or existing configuration file 
has read-only access, or the restriction file does not exist for NetWare FTP Server upgrade, or the 
existing Restriction file has read-only access. 


Action: Modify the file access if it is read-only or specify proper configuration file name with the following 
command: 


ftpupgrd [-c [volname:[/dirname/...]]myconfig.cfg] 


Modify the file access if it is read-only or specify proper restriction filename. 


Correct Usage: ftpupgrd [-c <Config File>] 
Source: FtpUpgrd.nlm 
Possible Cause: User might have tried to load FTPUPGRD.NLM with wrong usage. 


Action: Use the specified usage: 


ftpupgrd [-c [volname:[/dirname/...]]myconfig.cfg] 